6 Framework Libraries

DORA-First Coverage, Clearly Scoped.

OneComply launches around DORA operational-resilience workflows for EU financial entities. ISO 27001, NIS2, GDPR, CSSF 22/806, and CRA are exposed as mapped evidence and readiness layers with explicit coverage labels.

378 Controls | Cross-Framework Mapping | Coverage Labels

DORA — EU 2022/2554

Digital Operational Resilience Act

End-to-end workflow coverage

Primary launch workflow for EU financial entities: ICT risk, vendors, incidents, evidence, audit trail, posture, and board/regulator readiness.

  • ICT third-party risk and vendor criticality
  • Incident clocks and remediation tracking
  • Evidence-backed control posture

OneComply supports operational evidence and reporting readiness; final legal interpretation remains with the customer and counsel.

ISO 27001:2022

Information Security Management System

Mapped evidence coverage

Mapped ISMS control library, Statement of Applicability support, policy/evidence linkage, and certification-preparation reporting.

  • Annex A control tracking
  • Statement of Applicability preparation
  • Evidence reuse from DORA controls

OneComply helps assemble ISMS evidence; it does not replace certification body assessment.

NIS2 — EU 2022/2555

Network and Information Security Directive

Mapped evidence coverage

Entity classification, security-measure evidence mapping, incident-readiness tracking, and supply-chain alignment.

  • Essential/important entity classification
  • Security-measure evidence mapping
  • Incident notification readiness

NIS2 obligations vary through national transposition and supervisory expectations.

GDPR — EU 2016/679

General Data Protection Regulation

Mapped evidence coverage

Privacy-security evidence linkage across ROPA, DPIA, DSR, consent, breach evidence, processors, and audit trail.

  • ROPA and DPIA tracking
  • DSR workflow evidence
  • Processor/vendor evidence reuse

GDPR compliance depends on facts, processing context, legal basis, and customer policies.

CSSF 22/806 — Luxembourg

ICT Risk Management for Financial Entities

End-to-end workflow coverage

Luxembourg-focused overlay for ICT governance, outsourcing readiness, circular tracking, and DORA/CSSF operational alignment.

  • ICT outsourcing readiness gates
  • CSSF circular requirement tracking
  • Cloud officer and governance evidence

CSSF template exports should be reviewed against the current authority template before external submission.

CRA — EU 2024/2847

Cyber Resilience Act

Readiness coverage

Future-readiness mapping for product-security controls, SBOM, vulnerability handling, technical documentation, and reporting timelines.

  • Product-security control inventory
  • SBOM evidence linkage
  • Vulnerability handling workflow

CRA obligations phase in over time and require product-specific conformity assessment.

DORA operations stay central; other frameworks reuse mapped evidence where the control relationship is defensible.
